MEASURE TO PROTECT MAINE PEOPLE FROM CYBERDATA BREACHES GETS GREEN LIGHT FROM LEGISLATIVE LEADERS

Measure aligns consumer protection with HIPAA standards

AUGUSTA – Today, members of the Legislative Council unanimously approved an after-deadline bill to strengthen consumer protections after medical identity theft.

“Medical identity theft can damage policy holders for life,” said Senator Geoff Gratwick, the sponsor of the bill. “This invasion can lead to an invasion of privacy and financial loss and can lead to erroneous and even dangerous medical care.”

Sen. Gratwick of Bangor

Senator Gratwick is also a physician who has been practicing in the Bangor-area for more than more than 35 years.

The bill came in response to a recent cybersecurity attack at Anthem where 80 million people, including 300,000 Mainers had their medical data breached. The stolen data included social security numbers and birthdays.

According to current HIPAA standards for data breaches, there’s a six year statute of limitations from the time of the violations.

Senator Gratwick’s bill would be three-pronged:

• Require Anthem and other insurers to increase their coverage of identity protection services from two to six years;
• Ensure that health insurance companies in Maine adhere to HIPPA compliance rules as interpreted by the Maine Bureau of Insurance (BOI); encrypt medical and personal data to a standard approved by the Maine BOI; and align their policies with the Medical Fraud Alliance or another similar cooperative alliance approved by the Maine BOI.
• Encourage cooperation between Maine state information technology directors.

Senator Gratwick added, “The hardest thing about medical identity theft is that there is no guarantee that it won’t come back.”

###